TAMPA, FL – ConnectWise, the world’s leading software company dedicated to the success of IT solution providers, today announced the findings of its annual MSP Threat Report. Now in its fifth year, the report analyzes key security incidents and trends from the past 12 months, equipping IT solution providers with expert guidance for the year ahead.
To protect the operations of small and medium-sized businesses (SMBs), it is essential to remain well-informed and proactive in the face of the constantly evolving threat landscape. To achieve this, the ConnectWise Cyber Research Unit (CRU) conducted an extensive analysis of half a million cybersecurity incidents that affected IT solution providers and their clients. This analysis focused on identifying the most targeted vulnerabilities, such as the implications of Windows Server 2012 end-of-life and included a comparative analysis of popular tactics employed by threat actors between 2022 and 2023.
“This year’s threat report serves as a stark reminder of the daunting challenges that the industry faces in developing and implementing effective cybersecurity strategies in an ever-changing and growing threat landscape,” said Patrick Beggs, Chief Information Security Officer at ConnectWise. “Our report is specifically tailored to empower SMBs in navigating the escalating complexity and noise surrounding cybersecurity, enabling them to prioritize the best practices necessary to safeguard their IT environments. The findings of the 2024 MSP Threat Report sheds light on the heightened risks stemming from outdated software, vulnerabilities associated with remote work environments, and the alarming surge in both the frequency and impact of ransomware attacks. These mission-critical challenges demand immediate attention from IT solution providers as they gear up for the upcoming year.”
The report features detailed graphics to help IT solution providers cross-reference popular MITRE ATT&CK techniques to determine which are most likely to impact SMBs. A heat map of the 214 distinct MITRE ATT&CK techniques and sub-techniques in cybersecurity incidents observed during 2023 provides partners with more confidence when investing in cybersecurity strategies to defend against attacks.
Beggs emphasized: “At ConnectWise, we take immense pride in leveraging the invaluable insights derived from our integrated cyber infrastructure to equip our partners with actionable intelligence, empowering them to serve SMBs with unwavering confidence.”
One of the most significant trends identified in the report was the continually surging incidents of drive-by compromise attacks. A standard cybersecurity defense posture operates under the assumption that an attacker will proactively reach its target and engage with them within a given threat surface. However, the 2024 MSP Threat Report uncovered that during 2023 there was an increase in malicious activity using a different delivery approach in which threat actors place themselves so that victims proactively come to them, known as a drive-by compromise.
The MSP Threat Report also highlights several key cybersecurity considerations for IT solution providers in 2024:
- The importance of IT solution providers securing SMBs, as they often lack the resources for comprehensive cybersecurity measures. IT solution providers play a crucial role in protecting SMBs from emerging threats by providing expert guidance, patch management, and cost-effective solutions.
- The top MITRE ATT&CK techniques observed in cybersecurity incidents, focusing on defense evasion tactics employed by threat actors. The report also highlighted the most exploited vulnerabilities, including those in popular software such as FortiOS, Citrix ShareFile, and MOVEit Transfer.
- In addition to detailing the surging trend of drive-by compromises, where threat actors lure victims to malicious websites through techniques like search engine optimization (SEO) poisoning and malvertising, it also discussed threat actors’ increasing use of defense evasion techniques, such as obfuscated files and living-off-the-land binaries (LOLBins).
- A comprehensive analysis of ransomware trends that revealed a 94% increase in ransomware sightings in 2023 compared to the previous year. It examined the top five most sighted ransomware groups, their techniques, and the overall shift toward attacks of targeting SMBs.
To download the report, please click here. To learn more about ConnectWise, please visit connectwise.com.
About the report
The ConnectWise 2024 MSP Threat Report was created by the ConnectWise Cyber Research Unit (CRU)—a dedicated team of ConnectWise threat hunters who identify and research new vulnerabilities and publicly share what they find across the community. The ConnectWise CRU monitors ransom leak sites and malicious botnets for new threats, uses OSINT resources, and utilizes data from ConnectWise SIEM™ to help create content and complete research.
About ConnectWise
ConnectWise is the world’s leading software company dedicated to the success of IT solution providers that support millions of small and midsized businesses (SMBs) globally. With over 40 years of commitment to partner success, ConnectWise provides unmatched software, services, community, and integrations to fuel profitable growth. ConnectWise introduced the world’s first true TSP platform—Asio™—providing unprecedented flexibility and security with built-in artificial intelligence, robotic process automation, and machine learning capabilities. It all adds up to efficient, productive end-to-end TSP solutions, including IT documentation, data management, cybersecurity, remote monitoring, and backup technologies. Discover how ConnectWise is transforming the IT industry at connectwise.com.